New Bank Licences-Make Cyber Crime Insurance Mandatory

The applications received by RBI for new Bank licenses and the possible political push for issue of licenses before the next elections have raised a serious concern in the market that undeserving companies with political connections may some how make it to the next grade. There will be extreme pressure on RBI to grant the license on a provisional basis so that the aspirants can prove their credentials later.  RBI is likely to be assured that they can anyway refuse the license at the next stage. However, even if some of the applicants may later withdraw from the fray, the interim benefit they gain from the stock markets or for inviting investments is good enough to make them use all their clout to get the tag of “Licensed to Open a Bank”. (Report) 

Presence of Gold Financiers, Real Estate Companies, Stock Brokers, Authorized Dealers indicate that if RBI is not careful, there is the real danger of the licensing scheme being misused.  Even some of the public sector applicants may be used as a tool of the ruling political interests to create a “Bank for the Ruling Political Party”. The loyalty of the public sector bosses to the ruling class is too well known to ignore the prospects of the pubic sector license aspirants such as the Tourism Finance corporation who have no strong reason to be in Banking business.

Additionally, one of the applicants appear to have the background as a mobile handset manufacturer and seems to be interested in getting into Banking because they see prospects in “Mobile Banking”. What a joke!

Not withstanding the exuberance of this mobile handset manufacturer, it is clear that most of the applicants including reputed Corporates donot have any specific strength in grassroot Banking. Their dependence on technology will therefore be higher than the current generation of Bankers. In fact we are likely to see a near “Virtual Bank” model being adopted by some of the applicants.

Even the Shriram Group which has a long and in depth experience in mobilization of deposits from grassroot level and lending in retail in a traditional personalized model has indicated that it proposes to adopt the “Wells Fargo” model with emphasis on roving Bankers carrying tablets indicating that we are likely to see a “Near Virtual Bank” model coming into existence in India for the first time.

While it is not entirely undesirable that “Near Virtual Bank” may come into existence after this phase of licensing, the need for the highest level of information security need to be emphasised. At present we are witnessing that the push from RBI for information security through the Gopalakrishna Working group (GGWG) is being resisted by most banks. Even the law in the form of ITA 2008 is being flouted in the E Banking practices by most Banks. It is therefore possible that the new Banks may also take information security lightly. Herein lies the danger to the community. With the surge of a new wave of technology usage in Banking, the customers may be placed in a high risk situation.

Banks in India have resisted for 12 years, the mandatory guidelines for “Insuring the customers against risks such as Hacking, Denial of Service attacks,technology failures etc” which the RBI mandated on June 14, 2001. Banks have resisted the ITA 2000 provisions on “Digital Signatures” for the last 13 years. Now they are resisting the GGWG recommendations as well. The reason is that Banks have become “Greedy” for profits at any costs. Most Banks have drafted Internet Banking guidelines which are opposed to law and the RBI guidelines. Many of these terms place the responsibility for Cyber Crimes as well as the losses arising out of the inefficiency of the Banks on the customers and declare that their objective is to make profits and they would provide only such security as is commercially feasible.

Unfortunately RBI has not monitored such “Illegal Banking” and put an end to such unfair, unethical and illegal practices. Thy should do so at least now.

Now if RBI does not wake up, they will have another set of “Total Technology Dependent Banks” posing a greater challenge to them in implementing information security regulations. RBI should therefore be extremely circumspect about the ability of the applicants of license to carry on “Safe E Banking” and extract workable assurances for ensuring that whatever Banking they propose to do will be “Safe” not only for themselves but for the customers.

In fact it should be part of the licensing norm that the Banks should provide complete insurance to the Depositors against any loss occurring to them on account of any Cyber Frauds. In their business plans the licensees should indicate how they are safeguarding their systems with an appropriate information security plan and also cover the technology banking risks of their customers through an appropriate insurance program.

In other words, RBI should make  “Cyber Crime Insurance”  a mandatory warranty to be provided by the Banks to their customers as part of their account opening obligations if they need new license to enter the Banking industry.

I also urge the new Bank license aspirants to consider offering such “Cyber Crime Free E Banking Facility” and provide such an assurance to RBI as a part of their commitment to the industry. This should strengthen their chances of getting the license in this competitive bid.

Naavi

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Bank, Cyber Crime, RBI. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.